Web analytics traffic metrics best practices for government agencies


Webtrends Analytics 8.x
Webtrends Analytics 9.x


Recent media confusion over the proper use of cookies on federal government agency web sites has heightened the need for all organizations to understand the definitions and technology behind web analytic solutions in order to properly assess your web analytics and privacy strategies. It’s important to note that this is not a vendor-specific issue, as the principles here apply to the technology rather than one vendor‘s approach. Certain vendors offer more choices and flexibility than others, but all use some form of metrics aggregation derived from these same technology principles. Each agency must determine the best approach given their objectives and to ensure that they are in compliance with their privacy policies and the OMBs established guidelines.

The media has recently focused primarily on the use of persistent tracking technologies at federal government agency web sites, which is being reported as a violation of OMB regulations. There are procedures to follow to gain exception to these guidelines and we encourage you to gain a thorough understanding of the documents available by contacting the OMB or view them at:


We also recommend that you contact your site administrator/webmaster to determine whether your site is utilizing cookies, and whether they are session or persistent cookies. Then determine if that practice is consistent with your privacy policy and federal regulations as they apply to your organization. Webtrends is also here to help you should you have any questions or particular concerns, and have dedicated resources to assist you quickly. Please contact technical support for further information.

Webtrends’ web analytics solutions offer customers a broad range of alternatives ranging from using no cookies, using session-based cookies, using session parameters or using persistent cookies. We also offer first-party cookies for both software and hosted solutions ensuring that our customers have the most accurate and privacy-conscious method to track visit or visitor behavior, which has since become the recommended best practice industry-wide. If you decide to use cookies, we strongly recommend you utilize your own first-party cookie. Third-party cookies are increasingly blocked from being set on user’s machines due to settings in web browsers and other applications, so by utilizing a first-party cookie (either session or persistent) you’ll have more accurate metrics and minimize privacy concerns by using your own true first-party cookie. Of course, this is not an issue for software customers, as Webtrends software does not utilize third-party cookies. It’s critical to note that unlike a third-party cookie from an advertising network, Webtrends third-party cookies cannot be used to track visitors across different customers web sites. Webtrends cookies and our solution’s architecture are not constructed to support tracking visitors across multiple customers’ web sites, and our purposefully strong privacy policy commits to not developing this functionality in the future.

When selecting and implementing web analytics solutions, it’s important that you have basic knowledge of underlying technologies including data collection and sessionization methods in order to ensure that the solution meets both your business and privacy requirements.

Data collection: log files vs. page tags

There are two main ways to collect web site data: log files and client-side data collection (also known as page tags, Web beacons, pixel technology and recently in the press “web bugs”). Log files are produced by your web servers: they are the most established and popular form of data collection. However, they’re also the least accurate. As pages are served by your web server, they’re frequently cached by a variety of services and mechanisms, which prevents subsequent requests for those pages from being “seen” by your web server. Client-side data collection prevents these accuracy issues because data is collected directly from the visitor’s browser by a dedicated data collection facility. The very act of loading the page in a browser will cause the data to be transmitted. Contrary to popular belief, this approach to data collection is not a hosted-only option, Webtrends provides it in both hosted and software solutions.

Sessionization methods
Sessionization refers to various methods that web analytics solution use to order a sequence of actions or requests made by an individual during the course of a visit, or “session”, to the web site. Sessionization is essential to understand whether visitors are having a good experience or not, determining where they get lost or frustrated, how deeply they delve into the site’s content and where the opportunities are for site organizational improvements. Webtrends uses a variety of techniques to per form sessionization, some of which involve cookies and others of which do not. Which of these techniques are utilized is at the discretion and complete control of the site(s) owner. Log files and page tags capture information that includes what page was viewed, for how long it was viewed and some details about the visitor’s computer including its IP address, browser and operating system utilized, and its display settings. However, without a sessionization method, log files and page tags have no reliable way of knowing that an individual that viewed page 1 is also the same person who viewed page 2.

Following are brief descriptions of the sessionization techniques used by Webtrends. It is important to note that all of these techniques, except for Authenticated User, are user-anonymous. In other words, neither Webtrends nor the site owner has any personal information about the visitors to the site(s). Furthermore, none of techniques involve the aggregation or consolidation of data across different site owners in any way.

Non-cookie sessionization methods

  • IP+Agent – IP-based sessionization uses the Internet protocol (IP) address assigned to the user’s machine by their service provider. Since IP addresses are frequently shared by multiple individuals using the same ISP or proxy, the browser “agent” information (e.g. browser type and version) is appended to the IP address to increase the accuracy of visit related information.
    • Pros: organizations with the strictest privacy policies can obtain more accurate counts of visits, page views, and paths taken than IP-only methods.
    • Cons: only better than IP-only sessionization. Does not provide unique visitor or repeat visitor metrics.
    Session Parameter / ID – this is a more accurate form of sessionization that typically involves a random sequence of numbers and/or letters being assigned to each visitor that is then passed back with each subsequent request during the visit. Each ID value is retired once the visit ends.
    • Pros: offers more accurate visit-related metrics (visits, page views,and paths taken) than IP+Agent without serving any type of cookie.
    • Cons: does not provide unique or repeat visitor metrics as it is not a persistent method.
  • Authenticated User – this form of sessionization requires a user name, and typically an associated password, to be provided during the course of the visit. For public web sites, the user name must have been explicitly provided by the user. Private web sites, such as intranets and extranets, will frequently utilize the user’s network user name in the same manner as a session parameter to sessionize a visit, but logins can also be used to identify returning visitors provided visitors are required to log in to the web site during every visit.
    • Pros: offers the most accurate visitor and visit-related information.
    • Cons: required logins are not appropriate for many web sites.

Cookie-based sessionization methods
  • Session Cookie – cookie-based sessionization techniques involve placing a third or first-party cookie on the user’s machine containing a randomly generated ID value that, just like session parameters, is passed back with each subsequent request. Session cookies, as the name implies, are cookies that remain on the user’s machine only for the duration of the visit, after which they are automatically deleted by the browser. They can be either first or third-party cookies.
    • Pros: offers accurate visit-related metrics (visits, page views, and paths taken).
    • Cons: does not provide unique or repeat visitor metrics as it is not a persistent method.
  • Persistent Cookie – persistent cookies use the same anonymous ID value approach as session cookies, but the cookie remains on the user’s machine until explicitly deleted, or until the expiration date is reached (a date established by the site owner). The purpose of this approach is to analyze the behavior of unique visitors to a single owner’s site(s) across visit sessions. Persistent cookies can be either first or third-party cookies. In addition, persistent cookies allow sites to determine if different segments of visitors have different needs, such as frequent visitors versus first-time visitors.
    • Pros: offers a standard method that does not use personally identifiable information for accurate visitor information over time, such as number of visits by a visitor, or comparing the behavior of new vs. repeat visitors, or buyers vs. non-buyers.
    • Cons: not permitted on federal government agency sites (.gov and .mil) without permission.